Advisories

CERT-In Advisory CIAD-2026-0014

Multiple Vulnerabilities in Microsoft Products

Original Issue Date: March 25, 2026

Severity Rating: High

Software Affected

Azure DevOps: msazure
Azure Data Factory
Microsoft 365 Copilot
Microsoft Bing
Microsoft Copilot
Microsoft 365 Copilot's Business Chat
Microsoft Purview
Azure Cloud Shell
Microsoft Bing Images

Overview

Target Audience:
Individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products

Risk Assessment:
Risk of Remote code execution, elevation of privileges, system instability, or sensitive information disclosure

Impact Assessment:
Potentials compromise of system, exfiltration of data, ransomware attacks or system crashes.

Description

Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to execute remote code, gain elevated privileges, perform Server-side request forgery (SSRF) attacks and potentially view sensitive information on the targeted system.

For complete list of affected products, CVEs, workarounds and solutions, refer to the Microsoft security updates.
https://msrc.microsoft.com/update-guide/

Solution

Apply appropriate security updates as mentioned in:
https://msrc.microsoft.com/update-guide/

References

CVE Name
CVE-2026-23658
CVE-2026-23659
CVE-2026-24299
CVE-2026-26120
CVE-2026-26136
CVE-2026-26137
CVE-2026-26138
CVE-2026-26139
CVE-2026-32169
CVE-2026-32191
CVE-2026-32194

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India